samba - Oct 2019 - Removed a DC but...

Hai, 

The steps shown here dont work? 
https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC 

If that is the case and you besides that free of errors. 
Then upgrade, and try again once your on at least samba 4.9 or 4.10. 

As im hoping you are upgrade straight to Buster. 

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Marco Gaiarin via samba
> Verzonden: woensdag 2 oktober 2019 12:25
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Removed a DC but...
> 
> Mandi! L.P.H. van Belle via samba
>   In chel di` si favelave...
> 
> > The "what" or How you remove it does not really matter ( in 
> your case of 4.5.x ) 
> > You must cleanup AD and DNS. 
> > I just use the ADUC for AD and DNS tool in windows and 
> remove all unneeded entries. 
> 
> OK. Done. Check in progess (via ./samba-check-db-repl.sh) and 
> all seems
> OK.
> 
> But i've remove also a 'site' (with site and services), but
found on
> the dns many _sites\SITENAME\_tcp or _udp entry, but i can remove only
> the entry, not the SITENAME zone... say 'function not supported' or
> something like that.
> 
> How can i cleanup 'dead' sites in DNS? Thanks.
> 
> -- 
> dott. Marco Gaiarin				        GNUPG 
> Key ID: 240A3D66
>   Associazione ``La Nostra Famiglia''          
> http://www.lanostrafamiglia.it/
>   Polo FVG   -   Via della Bont?, 7 - 33078   -   San Vito al 
> Tagliamento (PN)
>   marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   
> f +39-0434-842797
> 
> 		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
>       http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
> 	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

Mandi! L.P.H. van Belle via samba
  In chel di` si favelave...
> The steps shown here dont work? 
> https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC 
It is what i've done when i've removed the DC, in february...

> If that is the case and you besides that free of errors. 
> Then upgrade, and try again once your on at least samba 4.9 or 4.10. 
I was sure there's no errors before, but after removing dangling DNS
records now i have:

 root at vdcsv1:~# samba-tool dbcheck --cross-ncs | grep "^ERROR: "
 ERROR: no target object found for GUID component for msDS-NC-Replica-Locations
in object
CN=58eba604-07e5-4c5d-a104-9e6f4907248f,CN=Partitions,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
-
<GUID=f060b28c-e27e-45f0-89c1-527474a6919c>;<RMD_ADDTIME=131533251720000000>;<RMD_CHANGETIME=131533251720000000>;<RMD_FLAGS=0>;<RMD_INVOCID=bc3f89e3-8ce4-4ddd-956a-ea740e8b2f12>;<RMD_LOCAL_USN=6174>;<RMD_ORIGINATING_USN=6174>;<RMD_VERSION=0>;CN=NTDS
Settings,CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
 ERROR: no target object found for GUID component for msDS-NC-Replica-Locations
in object
CN=58eba604-07e5-4c5d-a104-9e6f4907248f,CN=Partitions,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
-
<GUID=5de0fcf4-0674-45e9-95df-441773a1f988>;<RMD_ADDTIME=131533256290000000>;<RMD_CHANGETIME=131533256290000000>;<RMD_FLAGS=0>;<RMD_INVOCID=bc3f89e3-8ce4-4ddd-956a-ea740e8b2f12>;<RMD_LOCAL_USN=6187>;<RMD_ORIGINATING_USN=6187>;<RMD_VERSION=0>;CN=NTDS
Settings,CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
 ERROR: no target object found for GUID component for msDS-NC-Replica-Locations
in object
CN=58eba604-07e5-4c5d-a104-9e6f4907248f,CN=Partitions,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
-
<GUID=bdab9051-0882-40ec-bf6e-b223e4adecd8>;<RMD_ADDTIME=131701765340000000>;<RMD_CHANGETIME=131701765340000000>;<RMD_FLAGS=0>;<RMD_INVOCID=a3936e8e-b69e-4b96-8bb5-9f6eb963bee9>;<RMD_LOCAL_USN=202812>;<RMD_ORIGINATING_USN=73108>;<RMD_VERSION=0>;CN=NTDS
Settings,CN=VDCUD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
 ERROR: target DN is deleted for siteList in object
CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it -
<GUID=f1afd758-05c0-4f77-862f-23ce2ba48b8f>;<RMD_ADDTIME=131701784280000000>;<RMD_CHANGETIME=131701784280000000>;<RMD_FLAGS=0>;<RMD_INVOCID=5e88c5bf-578b-4ac7-9bee-59d19d1b6b06>;<RMD_LOCAL_USN=202866>;<RMD_ORIGINATING_USN=42832>;<RMD_VERSION=0>;CN=UDINE,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
 ERROR: no target object found for GUID component for interSiteTopologyGenerator
in object CN=NTDS Site
Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
- <GUID=bdab9051-0882-40ec-bf6e-b223e4adecd8>;CN=NTDS
Settings,CN=VDCUD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
 ERROR: no target object found for GUID component for msDS-NC-Replica-Locations
in object
CN=16b8c008-6c59-4b65-9f1b-530751904a75,CN=Partitions,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
-
<GUID=f060b28c-e27e-45f0-89c1-527474a6919c>;<RMD_ADDTIME=131533251720000000>;<RMD_CHANGETIME=131533251720000000>;<RMD_FLAGS=0>;<RMD_INVOCID=bc3f89e3-8ce4-4ddd-956a-ea740e8b2f12>;<RMD_LOCAL_USN=6175>;<RMD_ORIGINATING_USN=6175>;<RMD_VERSION=0>;CN=NTDS
Settings,CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
 ERROR: no target object found for GUID component for msDS-NC-Replica-Locations
in object
CN=16b8c008-6c59-4b65-9f1b-530751904a75,CN=Partitions,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
-
<GUID=5de0fcf4-0674-45e9-95df-441773a1f988>;<RMD_ADDTIME=131533256290000000>;<RMD_CHANGETIME=131533256290000000>;<RMD_FLAGS=0>;<RMD_INVOCID=bc3f89e3-8ce4-4ddd-956a-ea740e8b2f12>;<RMD_LOCAL_USN=6188>;<RMD_ORIGINATING_USN=6188>;<RMD_VERSION=0>;CN=NTDS
Settings,CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
 ERROR: no target object found for GUID component for msDS-NC-Replica-Locations
in object
CN=16b8c008-6c59-4b65-9f1b-530751904a75,CN=Partitions,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
-
<GUID=bdab9051-0882-40ec-bf6e-b223e4adecd8>;<RMD_ADDTIME=131701765350000000>;<RMD_CHANGETIME=131701765350000000>;<RMD_FLAGS=0>;<RMD_INVOCID=a3936e8e-b69e-4b96-8bb5-9f6eb963bee9>;<RMD_LOCAL_USN=202802>;<RMD_ORIGINATING_USN=73109>;<RMD_VERSION=0>;CN=NTDS
Settings,CN=VDCUD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it

i can try with:

	samba-tool dbcheck --cross-ncs --fix
?

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''         
http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bont?, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

samba-tool dbcheck --cross-ncs --fix
Yes, should be possible, but i normaly do that after i do the following. 

search for : 
CN=58eba604-07e5-4c5d-a104-9e6f4907248f
And
CN=16b8c008-6c59-4b65-9f1b-530751904a75 

In _msdc.dom.tld. 
Verify which GUID is removed, you can see that, then remove the old server GUID.

Run : 
dig CNAME 58eba604-07e5-4c5d-a104-9e6f4907248f._msdcs.ad.fvg.lnf.it
dig CNAME 16b8c008-6c59-4b65-9f1b-530751904a75._msdcs.ad.fvg.lnf.it

To see the name of the server, then you know which one to pick for sure. 


Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Marco Gaiarin via samba
> Verzonden: woensdag 2 oktober 2019 14:13
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Removed a DC but...
> 
> Mandi! L.P.H. van Belle via samba
>   In chel di` si favelave...
> 
> > The steps shown here dont work? 
> > https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC 
> 
> It is what i've done when i've removed the DC, in february...
> 
> 
> > If that is the case and you besides that free of errors. 
> > Then upgrade, and try again once your on at least samba 4.9 
> or 4.10. 
> 
> I was sure there's no errors before, but after removing dangling DNS
> records now i have:
> 
>  root at vdcsv1:~# samba-tool dbcheck --cross-ncs | grep "^ERROR:
"
>  ERROR: no target object found for GUID component for 
> msDS-NC-Replica-Locations in object 
> CN=58eba604-07e5-4c5d-a104-9e6f4907248f,CN=Partitions,CN=Confi
guration,DC=ad,DC=fvg,DC=lnf,DC=it - <GUID=f060b28c->
e27e-45f0-89c1-527474a6919c>;<RMD_ADDTIME=131533251720000000>;
<RMD_CHANGETIME=131533251720000000>;<RMD_FLAGS=>
0>;<RMD_INVOCID=bc3f89e3-8ce4-4ddd-956a-ea740e8b2f12>;<RMD_LOC
AL_USN=6174>;<RMD_ORIGINATING_USN=6174>;<RMD_VERSION=0>;CN=NTDS
> Settings,CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
>  ERROR: no target object found for GUID component for 
> msDS-NC-Replica-Locations in object 
> CN=58eba604-07e5-4c5d-a104-9e6f4907248f,CN=Partitions,CN=Confi
guration,DC=ad,DC=fvg,DC=lnf,DC=it - <GUID=>
5de0fcf4-0674-45e9-95df-441773a1f988>;<RMD_ADDTIME=13153325629
0000000>;<RMD_CHANGETIME=131533256290000000>;<RMD_FLAGS=>
0>;<RMD_INVOCID=bc3f89e3-8ce4-4ddd-956a-ea740e8b2f12>;<RMD_LOC
AL_USN=6187>;<RMD_ORIGINATING_USN=6187>;<RMD_VERSION=0>;CN=NTDS
> Settings,CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
>  ERROR: no target object found for GUID component for 
> msDS-NC-Replica-Locations in object 
> CN=58eba604-07e5-4c5d-a104-9e6f4907248f,CN=Partitions,CN=Confi
guration,DC=ad,DC=fvg,DC=lnf,DC=it - <GUID=bdab9051-0882-40ec->
bf6e-b223e4adecd8>;<RMD_ADDTIME=131701765340000000>;<RMD_CHANG
> ETIME=131701765340000000>;<RMD_FLAGS=0>;<RMD_INVOCID=a3936e8e-
> b69e-4b96-8bb5-9f6eb963bee9>;<RMD_LOCAL_USN=202812>;<RMD_ORIGI
NATING_USN=73108>;<RMD_VERSION=0>;CN=NTDS >
Settings,CN=VDCUD1,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
>  ERROR: target DN is deleted for siteList in object 
> CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site 
> Transports,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
>  - 
> <GUID=f1afd758-05c0-4f77-862f-23ce2ba48b8f>;<RMD_ADDTIME=13170
1784280000000>;<RMD_CHANGETIME=131701784280000000>;<RMD_FLAGS=>
0>;<RMD_INVOCID=5e88c5bf-578b-4ac7-9bee-59d19d1b6b06>;<RMD_LOC
>
AL_USN=202866>;<RMD_ORIGINATING_USN=42832>;<RMD_VERSION=0>;CNUDINE,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
>  ERROR: no target object found for GUID component for 
> interSiteTopologyGenerator in object CN=NTDS Site 
> Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,
DC=ad,DC=fvg,DC=lnf,DC=it - <GUID=bdab9051-0882-40ec-bf6e->
b223e4adecd8>;CN=NTDS 
> Settings,CN=VDCUD1,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
>  ERROR: no target object found for GUID component for 
> msDS-NC-Replica-Locations in object 
> CN=16b8c008-6c59-4b65-9f1b-530751904a75,CN=Partitions,CN=Confi
> guration,DC=ad,DC=fvg,DC=lnf,DC=it - 
> <GUID=f060b28c-e27e-45f0-89c1-527474a6919c>;<RMD_ADDTIME=13153
3251720000000>;<RMD_CHANGETIME=131533251720000000>;<RMD_FLAGS=>
0>;<RMD_INVOCID=bc3f89e3-8ce4-4ddd-956a-ea740e8b2f12>;<RMD_LOC
AL_USN=6175>;<RMD_ORIGINATING_USN=6175>;<RMD_VERSION=0>;CN=NTDS
> Settings,CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
>  ERROR: no target object found for GUID component for 
> msDS-NC-Replica-Locations in object 
> CN=16b8c008-6c59-4b65-9f1b-530751904a75,CN=Partitions,CN=Confi
> guration,DC=ad,DC=fvg,DC=lnf,DC=it - 
> <GUID=5de0fcf4-0674-45e9-95df-441773a1f988>;<RMD_ADDTIME=13153
3256290000000>;<RMD_CHANGETIME=131533256290000000>;<RMD_FLAGS=>
0>;<RMD_INVOCID=bc3f89e3-8ce4-4ddd-956a-ea740e8b2f12>;<RMD_LOC
AL_USN=6188>;<RMD_ORIGINATING_USN=6188>;<RMD_VERSION=0>;CN=NTDS
> Settings,CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
>  ERROR: no target object found for GUID component for 
> msDS-NC-Replica-Locations in object 
> CN=16b8c008-6c59-4b65-9f1b-530751904a75,CN=Partitions,CN=Confi
> guration,DC=ad,DC=fvg,DC=lnf,DC=it - 
> <GUID=bdab9051-0882-40ec-bf6e-b223e4adecd8>;<RMD_ADDTIME=13170
1765350000000>;<RMD_CHANGETIME=131701765350000000>;<RMD_FLAGS=>
0>;<RMD_INVOCID=a3936e8e-b69e-4b96-8bb5-9f6eb963bee9>;<RMD_LOC
>
AL_USN=202802>;<RMD_ORIGINATING_USN=73109>;<RMD_VERSION=0>;CNNTDS
Settings,CN=VDCUD1,CN=Servers,CN=Default-First-Site->
Name,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
> 
> i can try with:
> 
> 	samba-tool dbcheck --cross-ncs --fix
> ?
> 
> -- 
> dott. Marco Gaiarin				        GNUPG 
> Key ID: 240A3D66
>   Associazione ``La Nostra Famiglia''          
> http://www.lanostrafamiglia.it/
>   Polo FVG   -   Via della Bont?, 7 - 33078   -   San Vito al 
> Tagliamento (PN)
>   marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   
> f +39-0434-842797
> 
> 		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
>       http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
> 	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

On 02/10/2019 13:52, L.P.H. van Belle via samba wrote:
> samba-tool dbcheck --cross-ncs --fix
> Yes, should be possible, but i normaly do that after i do the following.
>
> search for :
> CN=58eba604-07e5-4c5d-a104-9e6f4907248f
> And
> CN=16b8c008-6c59-4b65-9f1b-530751904a75
>
> In _msdc.dom.tld.
> Verify which GUID is removed, you can see that, then remove the old server
GUID.
>
> Run :
> dig CNAME 58eba604-07e5-4c5d-a104-9e6f4907248f._msdcs.ad.fvg.lnf.it
> dig CNAME 16b8c008-6c59-4b65-9f1b-530751904a75._msdcs.ad.fvg.lnf.it
>
> To see the name of the server, then you know which one to pick for sure.
Yes, but why wasn't it removed in the first place ?

Which method was used to demote the DC, standard demote or with 
--demote-other-dead-dc ?

Rowland